The changes for draft-23 in TLS split RSA-PSS usage in two. New codepoints are used for RSA-PSS signatures that are made with RSA-PSS keys. NSS currently uses the codepoints for RSAE keys even if an RSA-PSS key is used. I have a patch, but it's unlikely to make NSS 3.35.